SSH keys can be used to authenticate to the cluster. This is the recommended method and allows you to securely SSH to the compute client without entering a passphrase.
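To generate key files ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub on your Linux/Unix/MacOS system, use the command ssh-keygen. The session below passes -f to name the pair ~/.ssh/id_rsa_compute and ~/.ssh/id_rsa_compute.pub instead: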
    > ssh-keygen -f ~/.ssh/id_rsa_compute
    Generating public/private rsa key pair.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /Users/${compute_username}/.ssh/id_rsa_compute.
    Your public key has been saved in /Users/${compute_username}/.ssh/id_rsa_compute.pub.
    The key fingerprint is:
    SHA256:P10QiInCIHPUMeIiiP/wtOQwW1D6eItQ75o3pDn+vKk ${compute_username}@macbook.local
    The key's randomart image is:
    +---[RSA 2048]----+
    |o.=++. . o .. |
    |o= ++.. o . . |
    |= = . . |
    |.+ = . |
    |. * B S . |
    | . /.o . . . |
    | o+B o . |
    | ++o. . |
    | .E==o |
    +----[SHA256]-----+
To avoid typing the passphrase for your key, use ssh-agent:
    > eval `ssh-agent`
    Agent pid 76698
Add your key to the agent:
    > ssh-add ~/.ssh/id_rsa_compute
    Enter passphrase for /Users/${compute_username}/.ssh/id_rsa_compute:
Now copy this SSH ID to the compute client:
    > ssh-copy-id -i ~/.ssh/id_rsa_compute ${compute_username}@compute1-client-1.ris.wustl.edu
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/${compute_username}/.ssh/id_rsa_compute.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    ${compute_username}@compute1-client-1.ris.wustl.edu's password:

    Number of key(s) added: 1

    Now try logging into the machine, with: "ssh '${compute_username}@compute1-client-1.ris.wustl.edu'"
    and check to make sure that only the key(s) you wanted were added.
    > ssh ${compute_username}@compute1-client-1.ris.wustl.edu
    Last login: Mon Oct 28 11:32:02 2019 from 10.23.317.459
    > whoami
    ${compute_username}
You are now able to securely SSH to the compute client without entering a passphrase.
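
The ssh-copy-id output above asks you to check that only the key(s) you wanted were added. One way to do that check, as an added example that is not part of the original instructions: the Python below computes, for each entry in an authorized_keys file, the same SHA256 fingerprint form that ssh-keygen prints, and lists every entry you did not expect. The sample keys and the names parse_pubkey, fingerprint and audit are constructed for illustration.

```python
import base64, hashlib, struct

def _s(b):                      # SSH wire "string": 4-byte big-endian length + bytes
    return struct.pack(">I", len(b)) + b

def parse_pubkey(line):
    """Return (key_type, blob, comment) for one authorized_keys line, else None."""
    fields = line.split()
    # Options such as from="..." may precede the key type, so look for the
    # base64 field whose embedded type string equals the field before it.
    for i in range(1, len(fields)):
        try:
            blob = base64.b64decode(fields[i], validate=True)
        except ValueError:
            continue
        if len(blob) >= 4:
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] == fields[i - 1].encode():
                return fields[i - 1], blob, " ".join(fields[i + 1:])
    return None

def fingerprint(blob):
    """Same form ssh-keygen prints: SHA256 of the key blob, base64, no padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(text, expected):
    """List (fingerprint, type, comment) for every key not in `expected`."""
    found = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parsed = parse_pubkey(line)
        if parsed is None:
            found.append(("unparseable", "?", line.strip()[:40]))
        elif fingerprint(parsed[1]) not in expected:
            found.append((fingerprint(parsed[1]), parsed[0], parsed[2]))
    return found

# Constructed sample: structurally valid blobs, not real key material.
RSA_BLOB = _s(b"ssh-rsa") + _s(b"\x01\x00\x01") + _s(b"\x00\x80" + bytes(255))
ED_BLOB = _s(b"ssh-ed25519") + _s(bytes(range(32)))
SAMPLE = "\n".join(f"{o}{t} {base64.b64encode(b).decode()} {c}" for o, t, b, c in [
    ("", "ssh-rsa", RSA_BLOB, "user@macbook.local"),
    ('from="10.0.0.0/8" ', "ssh-ed25519", ED_BLOB, "unknown@elsewhere")])

if __name__ == "__main__":
    for row in audit(SAMPLE, {fingerprint(RSA_BLOB)}):
        print("unexpected key:", *row)
```

To use it on a real account, pass the text of ~/.ssh/authorized_keys from the compute client and a set containing the fingerprint that ssh-keygen printed when you generated your key.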